Top tips is a weekly column where we highlight what’s trending in the tech world and list ways to explore these trends. This week we’re looking at three ways you can avoid falling victim to a vishing attack.
Huge discounts, massive promotional campaigns, and a cheerful festive spirit—the holiday season is officially in full swing! ‘Tis the season of joy and giving, but it looks like some people may have missed the memo. You see, while you’re receiving holiday wishes and the season’s greetings from your loved ones, there’s another group of people carrying out their own kind of wishing, except it goes against everything this holiday season stands for: I’m talking about vishing attacks.
Vishing, a portmanteau of the terms “voice” and “phishing,” is a social engineering attack where threat actors attempt to extract sensitive information from an unsuspecting victim over the phone.
Historically, the holiday season has always seen an increase in cyberattacks, so let’s ensure we’re doing everything we can to keep our data safe.
Three ways to avoid falling victim to a vishing attack
1. Cybersecurity awareness
Let’s start with something simple (and quite obvious): an adequate knowledge of cybersecurity and cyberthreats can go a long way in helping you secure your data. No matter how advanced cyberthreats become, cybersecurity awareness—and sometimes even basic common sense—can help you avoid compromising your data.
Make sure you have at least basic cybersecurity awareness and that you’re aware of the processes companies follow when reaching out to their customers. Remember, a legitimate company will never ask you to share personal data via email or a call.
When dealing with a vishing attack, there are several telltale signs that person on the other end of the line might be trying to pull a fast one on you. Here are the two biggest giveaways of a vishing scam:
-
Asking you to share sensitive information over the call, especially banking information
-
Questionable payment methods (gift cards or cryptocurrency, for example)
2. Question everything
Don’t be afraid to ask questions; if you get a call from someone claiming to be a bank representative, for example, make sure to collect as many details as possible about them. If that person does indeed work for the bank as they claim, they won’t hesitate to share any verifiable information about their employment. It’s also important to note that caller IDs aren’t trustworthy, as they can easily be spoofed.
Vishers typically also like to create a fake sense of urgency, which may cause you to panic. And of course, when you’re panicking, you usually don’t think straight and are more likely to give in to their demands without questioning them. Staying with example of the impostor bank representative, they may try to convince you that there’s something wrong with your bank account and you need to pay a fee to avoid further issues. In such a case, feel free to reach out to your bank directly to verify these claims.
There are also other cases where a visher may purport to be a law enforcement agent or paramedic, claiming that a family member has met with an accident and you need to immediately transfer some money so they can be given medical help. That’s not how emergency medical response works, but in a state of panic, you might be more inclined to comply with these demands. Again, all you need to do is make a phone call to check on the family member who’s supposedly been involved in the accident to realize that the call was a scam attempt.
3. If it’s too good to be true, it probably is
On the other end of the spectrum, vishers may carry out scams where they attempt to lure you in with promises of gifts or other rewards. It could be a call claiming that you’ve won a huge sum of money or an all-expense-paid trip to a tropical island paradise; the only caveat being, you need to pay some money or share sensitive personal information to access the reward. In such cases, vishers may also attempt to create a sense of urgency by making a time-sensitive offer where you’re required to make the payment during the call itself to claim the reward.
Here’s the thing, you’re not going to win a lottery or sweepstakes that you haven’t entered. And if you have entered such a contest, make sure to check the official announcement or the contest website. Once again, as is the theme here, common sense and cybersecurity awareness will come to your rescue. And don’t forget, if something’s too good to be true, it probably is.
Don’t let the vishers steal Christmas
Remember, vishers thrive on ignorance and scare tactics. So make sure you’re exercising good judgement and practice good cybersecurity hygiene, especially considering the increased risk during the holiday season. Make sure you also report such incidents to the authorities and inform as many people as possible. This can greatly reduce the effectiveness of vishing attacks as vishers generally follow the same M.O. when carrying out their scams. Let’s make sure you and the people around you don’t find themselves at the receiving end of the wrong kind of vishing this holiday season.